Azure Policy definition structure aliases
You use property aliases to access specific properties for a resource type. Aliases enable you to restrict what values or conditions are allowed for a property on a resource. Each alias maps to paths in different API versions for a given resource type. During policy evaluation, the policy engine gets the property path for that API version.
The list of aliases is always growing. To find which aliases Azure Policy supports, use one of the following methods:
Azure Policy extension for Visual Studio Code (recommended)
Use the Azure Policy extension for Visual Studio Code to view and discover aliases for resource properties.
Azure PowerShell
# Login first with Connect-AzAccount if not using Cloud Shell # Use Get-AzPolicyAlias to list available providers Get-AzPolicyAlias -ListAvailable # Use Get-AzPolicyAlias to list aliases for a Namespace (such as Azure Compute -- Microsoft.Compute) (Get-AzPolicyAlias -NamespaceMatch 'compute').Aliases
Note
To find aliases that can be used with the modify effect, use the following command in Azure PowerShell 4.6.0 or higher:
Get-AzPolicyAlias | Select-Object -ExpandProperty 'Aliases' | Where-Object { $_.DefaultMetadata.Attributes -eq 'Modifiable' }
Azure CLI
# Login first with az login if not using Cloud Shell # List namespaces az provider list --query [*].namespace # Get Azure Policy aliases for a specific Namespace (such as Azure Compute -- Microsoft.Compute) az provider show --namespace Microsoft.Compute --expand "resourceTypes/aliases" --query "resourceTypes[].aliases[].name"
REST API
GET https://management.azure.com/providers/?api-version=2019-10-01&$expand=resourceTypes/aliases
Understanding the array alias
Several of the aliases that are available have a version that appears as a normal name and another that has [*]
attached to it, which is an array alias. For example:
Microsoft.Storage/storageAccounts/networkAcls.ipRules
Microsoft.Storage/storageAccounts/networkAcls.ipRules[*]
The normal alias represents the field as a single value. This field is for exact match comparison scenarios when the entire set of values must be exactly as defined.
The array alias
[*]
represents a collection of values selected from the elements of an array resource property. For example:
Alias | Selected values |
---|---|
Microsoft.Storage/storageAccounts/networkAcls.ipRules[*] |
The elements of the ipRules array. |
Microsoft.Storage/storageAccounts/networkAcls.ipRules[*].action |
The values of the action property from each element of the ipRules array. |
When used in a field condition, array aliases make it possible to compare each individual array element to a target value. When used with count expression, it's possible to:
- Check the size of an array.
- Check if all\any\none of the array elements meet a complex condition.
- Check if exactly
n
array elements meet a complex condition.
For more information and examples, see Referencing array resource properties.
Next steps
- For more information about policy definition structure, go to basics, parameters, and policy rule.
- For initiatives, go to initiative definition structure.
- Review examples at Azure Policy samples.
- Review Understanding policy effects.
- Understand how to programmatically create policies.
- Learn how to get compliance data.
- Learn how to remediate non-compliant resources.
- Review what a management group is with Organize your resources with Azure management groups.
Povratne informacije
https://aka.ms/ContentUserFeedback.
Stiže uskoro: Tijekom 2024. postupno ćemo ukinuti servis Problemi sa servisom GitHub kao mehanizam za povratne informacije za sadržaj i zamijeniti ga novim sustavom za povratne informacije. Dodatne informacije potražite u članku:Pošaljite i pogledajte povratne informacije za